njrat | 88e3771d0df5183c6e49438db031e378b1d85be315f6f477617a1ca698944ada | Triage

Sharing

General

Target

bRdP.exe
Size

23KB
Sample

231101-bhqgxagd6z
MD5

a3352857ad5be8542c961e979f99c206
SHA1

da7432c7c6e845e7527b1afc1bf3eff059ec5fb5
SHA256

88e3771d0df5183c6e49438db031e378b1d85be315f6f477617a1ca698944ada
SHA512

a8296458ac687599827a2e99cb2b251dcacd175d9d2fe6823865d9ca3c9160cd93420fa9ced8e97aa79e44b9aa14a935bb1c482937ac7c123e0c738cedbaf9dc
SSDEEP

384:v+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZyE:Im+71d5XRpcnuo

Score

10^/10

njrat lammer evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

0.tcp.sa.ngrok.io:11608

Mutex

2f80826e57fc9ce2ed2b587829b0f2de

Attributes

reg_key
2f80826e57fc9ce2ed2b587829b0f2de
splitter
|'|'|

Targets

- Target
  
  bRdP.exe
- Size
  
  23KB
- MD5
  
  a3352857ad5be8542c961e979f99c206
- SHA1
  
  da7432c7c6e845e7527b1afc1bf3eff059ec5fb5
- SHA256
  
  88e3771d0df5183c6e49438db031e378b1d85be315f6f477617a1ca698944ada
- SHA512
  
  a8296458ac687599827a2e99cb2b251dcacd175d9d2fe6823865d9ca3c9160cd93420fa9ced8e97aa79e44b9aa14a935bb1c482937ac7c123e0c738cedbaf9dc
- SSDEEP
  
  384:v+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZyE:Im+71d5XRpcnuo
Score

10^/10

njrat evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratevasiontrojan

behavioral2

njratevasiontrojan